ISNetworld Data Privacy Framework Policy

ISN participates in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension of the EU-U.S. Data Privacy Framework (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the “DPF”) administered by the U.S. Department of Commerce. ISN commits to comply with the DPF Principles with regard to the processing of non-HR personal data received from the European Union, United Kingdom, and Switzerland in reliance on the DPF. If there is any conflict between the terms in this DPF Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
 

This DPF Policy explains how we collect, use, and disclose information, including Personal Data, in connection with our Services. For these purposes, “Personal Data” is any information relating to an identified or identifiable natural person located in the EU, UK, and/or Switzerland.

ISN owns and operates an online contractor-management platform called (“ISNetworld”). Through ISNetworld, ISN collects health and safety, procurement, quality, and regulatory information from ISNetworld-subscribing contractor customers (“ISNetworld Contractors”), ISNetworld data providers (“Data Providers”), and other public and private third-party sources (such as governmental databases), for the purpose of sharing that information with certain ISNetworld-subscribing hiring clients and contractor operators (“Hiring Clients”) for use in their contractor and supplier due-diligence processes (collectively, our “Services”). For more information about our Services and the use of information stored in ISNetworld, please visit our User Agreement at https://www.isnetworld.com/user-agreement.

Generally, the only Personal Data we will collect is what is provided to us voluntarily from ISNetworld Contractors, Data Providers, and Hiring Clients. We provide a link to our User Agreement and take precautions to ensure that the purposes for which we collect and use your Personal Data are clear. Although we do not normally collect information directly from individuals, we take reasonable steps to ensure that any party providing your Personal Data to us has informed you of this and has obtained your consent prior to doing so.

In addition to the information provided to us voluntarily from ISNetworld Contractors, Data Providers, and Hiring Clients, we also gather certain information automatically when you visit our website (https://www.isnetworld.com) (the “Website”). This information includes your Internet Protocol (IP) address, access times, browser type, device type, domain name, duration of visit, and referring URL. In addition, our Website may use “cookies” or similar tools. Please visit the general ISN Privacy Policy (the current version of which is available at https://www.isnetworld.com/privacy-policy) for more information about how our Website uses cookies or similar tools to track usage.

As a processor, ISNetworld Contractors and Data Providers provide us information, which may include Personal Data, generally in response to requests from Hiring Clients. The types of Personal Data we might collect includes name, occupation, employer, contact information, training, and work-related history, and other information relevant to work qualifications provided by ISNetworld Contractors and Data Providers that may be requested by Hiring Clients. If you work for a Hiring Client, the types of Personal Data we might collect from you includes username, email address, contact information, and other information provided to us by the Hiring Client.

As a controller, ISN obtains Personal Data in other ways. For example, we may collect Personal Data directly from you when you visit our websites. The type of Personal Data we may collect directly from you includes name, contact information, Personal Data you provide to us on our websites, and other data collected automatically through our websites. We may also collect Personal Data, such as contact information of our Hiring Clients’, ISNetworld Contractors’, Data Providers’, and vendors’ representatives who are located in the EU, UK, and Switzerland in order to manage our relationships with these parties and carry out our obligations under our contracts with these parties.

We use the information we collect to provide our Services to Hiring Clients and ISNetworld Contractors. As part of our internal processes, we may disclose the information we collect to our related corporate affiliates and third-party processors who assist us in providing the Services pursuant to our instructions, though we will ensure that all such corporate affiliates and third-party processors protect your Personal Data with the same level of protection as provided in this DPF Policy. Except as provided below, we will not disclose your Personal Data for any purposes other than in connection with providing our Services to Hiring Clients and ISNetworld Contractors.

While our User Agreement prohibits us from sharing your Personal Data with third parties for commercial purposes outside the scope of the Services, in certain instances we may be required to disclose your Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. To the extent permitted to do so, we will endeavor to inform you if we are required to disclose your Personal Data in response to a lawful request to do so. We also reserve the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).

When we collect Personal Data directly from individuals in the EU, UK, or Switzerland as a controller, we generally offer you the opportunity to choose if your Personal Data may be (i) disclosed to third parties acting as controllers or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the relevant individual. To the extent required by the DPF Principles, we obtain opt-in consent for certain uses and disclosures of sensitive data, as defined by the DPF. Individuals may contact ISN as indicated below regarding the company’s use or disclosure of their Personal Data.

When we maintain Personal Data about individuals in the EU, UK, or Switzerland for whom we obtained or maintain the Personal Data as a processor, our Hiring Clients, ISNetworld Contractors, and Data Providers are responsible for providing the relevant individuals with certain choices with respect to the Hiring Clients’ and ISNetworld Contractors’ use or disclosure of the Personal Data.

From time to time we may also use your Personal Data to provide you with information about our Services, including updates and changes relating to ISNetworld. You may choose to “opt out” of receiving this type of information at any time by contacting us as provided in Section 9 below.

We strive to provide our Services in the best possible manner, which means it is very important that the information in ISNetworld remains accurate, complete, and up-to-date. As we rely on Hiring Clients, ISNetworld Contractors, and Data Providers for information, we take steps to ensure that these parties understand the importance of keeping the information they maintain and share through ISNetworld as accurate and current as possible. However, unless we are notified that any of your Personal Data is inaccurate or incomplete, we cannot take steps to correct it. You generally have the right to request access to your Personal Data. When we maintain Personal Data about individuals for whom we obtained or maintain the Personal Data as a processor, the Hiring Clients, ISNetworld Contractors, or Data Providers are responsible for providing you with access to your Personal Data and the right to correct, amend, or delete the information where it is inaccurate or has been processed in violation of the DPF Principles, as appropriate. In such circumstances, you should direct your questions to the appropriate Hiring Client, ISNetworld Contractor, or Data Provider. When you are unable to contact the appropriate Hiring Client, ISNetworld Contractor, or Data Provider, or do not obtain a response from the appropriate Hiring Client, ISNetworld Contractor, or Data Provider, ISN will provide reasonable assistance in forwarding your request to the appropriate Hiring Client, ISNetworld Contractor, or Data Provider.

When we maintain Personal Data as a controller, we provide a reasonable opportunity for individuals in the EU, UK, or Switzerland to correct, amend, or delete the information where it is inaccurate or has been processed in violation of the DPF Principles, as appropriate. We may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. You may request access to your Personal Data by contacting ISN as indicated below in Section 9. Given the nature of our Services, we may need to retain Personal Data after the end of any particular engagement involving Hiring Clients, ISNetworld Contractors, or Data Providers (e.g., to provide a historical audit trail for safety and qualification purposes).

ISN takes reasonable and appropriate measures to help protect your Personal Data from loss, misuse, and unauthorized access, modification, or disclosure, taking into account the risks involved in the processing and the nature of the Personal Data.

In the event we transfer your Personal Data, we will take appropriate measures to protect your privacy and the Personal Data we transfer. Should we need to transfer your Personal Data for purposes other than for providing the Services and in accordance with this DPF Policy, we will, to the extent permitted by law, obtain assurances from the recipients that they will safeguard your Personal Data in a manner that is consistent with this DPF Policy. In addition, if we learn that an agent is using or disclosing your Personal Data in a manner that is contrary to this DPF Policy, we will take reasonable steps to prevent or stop such use or disclosure. ISN may be liable for onward transfers of Personal Data to third parties in violation of this DPF Policy and the Data Privacy Framework.

We welcome any questions or comments you might have about our Services and the information provided in this DPF Policy. In compliance with the DPF Principles, ISN commits to resolve complaints about your privacy and our collection or use of your Personal Data. Individuals in the EU, UK, or Switzerland with inquiries or complaints regarding this DPF Policy or ISN’s handling of Personal Data received in reliance on the DPF should contact us by email at dpf@isn.com.

ISN has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

In addition, the United States Federal Trade Commission has investigatory and enforcement powers over ISN regarding compliance with the Data Privacy Framework. There is a possibility, under certain conditions, for individuals to invoke binding arbitration to address complaints about ISN’s compliance with the DPF Principles. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

We reserve the right to amend this DPF Policy from time to time to account for new laws and technologies, changes to our Services, and for other related purposes. In the event that we amend this DPF Policy, we will post a notice on our website (https://www.isnetworld.com).